The document discusses strategies for monitoring and measuring cloud security. It highlights that 95% of cloud security failures through 2020 will be the customer's fault according to Gartner predictions. It also summarizes that authentication and access control, unvalidated client-side input, and bad housekeeping are among the top OWASP risks. The document advocates practices like shift left security, using tools wisely, denying access by default, and ensuring proper logging.
Slide deck used during the M365 May event for Australia and New Zealand, 22/05/2020.
Discover how to secure your tenant from A to Z. From phishing and brute force to malware prevention, understand which steps to implement to harden your tenant and which features to use according to your licence level.
Top #AI, #Data, #Analytics & #Leadership posts of the week! And a special nod to my #StarWars fans: May the 4th Be With You! :)
[#Cloud #Survey] 83% of #Enterprise #Software will be powered by the Cloud according to Bessemer Venture Partners. Kudos go to Byron Deeter, Elliott Robinson, Hansae Catlett, and Mary D'Onofrio. Download their report for FREE @ https://bit.ly/2VYyRle
[What's the Best Approach to Data Analytics?!] A #BestPractices #blog by McKinsey & Company advisor and Kellogg professor Tom O'Toole on Harvard Business Review @ https://bit.ly/2SzUar8
[Gartner's Top 10 Trends] We will be hitting just about every single one at the #OracleAnalytics Summit kicking off on May 12! Read More @ https://bit.ly/2SuJFpa
Ready for Monday?! Read these #Zoom #bestpractices first! @ https://bit.ly/2S83z9q
[#Beat #Zoom #Gloom] by taking the "zzz zzz" Out Of Your ZOOM @ https://bit.ly/2VZuk0S
Want to be the first to get these weekly updates? Subscribe @ https://bit.ly/2ywUkby
Be #AIDriven and see you next week!
PS: Want me to feature your post in my next update? There are 3 simple rules: 1) Focus on #AI, #Data, #Analytics, #Leadership, or #Startups 2) Make your post #Interesting, #Entertaining AND #Useful 3) Tag me on your post so I can easily track it!
Spinbackup is a Cloud-to-Cloud Backup and Cloud Cybersecurity solutions provider for G Suite.
Spinbackup protects G Suite organizations against data leak and loss disasters in the cloud by letting G Suite administrators back up their sensitive data, identify security risks, and fix them before they become a disaster, all from one dashboard.
Spinbackup helps organizations gain more control and visibility over data security by providing an additional layer of protection beyond what the typical cloud service provider can offer.
Mizuno Running Mezamashii Long Tail Blogger Outreach Case Study (Gerris)
A Blogger Outreach Case Study: How I Activated Hundreds of Bloggers for Mizuno Running. A step-by-step walk-through of a campaign that Sally Falkow and I did for Mizuno Running. See what we did to engage and activate hundreds of bloggers, from the top 100 running bloggers down to every single blogger who self-identified as a runner. Chris Abraham has been doing blogger outreach and influencer engagement campaigns for top global brands since 2003, including Mizuno, Alzheimer's Association, Kimberly-Clark Health Care, Sage Software, Smucker's, US Olympic Committee, Sharp, Snapple, and others. Chris is currently Principal Consultant of Gerris Corp. Gerris offers its clients comprehensive online conversation marketing campaigns.
How People Search for the Coronavirus on Google (Ale Agostini)
How people search for the Coronavirus on Google in Italy and Switzerland: it emerges that in Italy the phobia generates searches 24 hours a day, while in Ticino the municipalities most concerned in the last 24 hours are Mendrisio, Bruzzella and Novazzano.
In his keynote address at D-Summit 2017 in Tel Aviv, Samuel Scott argues that we should look beyond content marketing, inbound marketing, and social media marketing to integrate traditional and digital marketing in a real way.
[US] The Content Evolution - Marcus Tober (Searchmetrics)
The Content Evolution, by Marcus Tober, Searchmetrics. Data-driven marketing, mobile/desktop, entities vs. keywords, user-centric and holistic content.
Evolving and Remaining Relevant as QA - TConf 2018 (Theresa Neate)
Quality Analysts (QAs) are not there to assure quality.
They are there to analyse quality and quality practices and advise on approaches to system quality. They are particularly good at helping mitigate quality risks because of their trained ability to question what seems to be there.
They are neither the gatekeepers of the releases, nor meant to be the bottlenecks for testing, nor the owners of quality.
We always need testing and feedback, but do we always need testers?
Sometimes we do, and sometimes we don't. This talk is about knowing when one is relevant and then knowing HOW to be relevant. This includes looking after your career as a QA, staying ahead of the curve and remaining employable.
Top 10 strategic predictions for 2018 and beyond by Gartner. From bots and AI to counterfeit reality and fake news, these predictions require IT leaders to pace their adoption.
Causal Space-Time Pattern Search for Safe Planning (Anton Osika)
Tackling 2 of the 5 concrete problems in AI safety with an approach of learning schemas / space-time patterns of how the world works to then optimise a reward function while avoiding negative side effects – that cannot be undone.
I.e. avoiding irreversibility / having high reachability from the baseline policy.
Layered authentication strategies ask for the right level of assurance at the right time, in an environment where risk and context might be changing constantly. This presentation on end-to-end authentication using a layered approach was delivered at iovation's annual Fraud Force Summit 2016.
2015 North Bridge Future of Cloud Computing Study, with Wikibon | Broadest exploration of cloud trends, cloud migration and the evolution of the cloud computing sector. Survey participation was the largest to date and included responses from 38 countries. 50 collaborators supported the 5th Annual Future of Cloud Computing study, which reveals that cloud has become an accepted and integral technology. Furthermore, the study shows that despite deployment gaps among clouds, we should expect a future powered by hybrid cloud technologies. The question of whether companies are using the cloud has morphed into how deeply cloud adoption is integrated within the business. From the bottom to the top, all products and services will in some way be powered by the cloud, making the promise of goods and services that have the potential to be better tomorrow than today. IT departments have reclaimed the reins on driving company technology strategy and cloud adoption as roles, skills and processes have shifted. Importantly, we're also seeing the emergence of the cloud as the only way businesses can truly get more out of their data, including analyzing and executing on it in real time. On the investment front, 2015 could tip the scale from private to public capital for SaaS companies.
The State of Information and Cyber Security in 2016 (Shannon G., MBA)
Shannon Glass, Practice Director from AfidenceIT talks about the State of Information and Cyber Security in 2016. She covers the importance of creating a culture of security awareness within an organization, threats to look out for on the landscape, and why you should care about protecting your data assets.
Presentation from the 2016 Scalar Security Study Roadshow, highlighting the findings from the second annual Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, which examines trends among Canadian organizations in dealing with growing cyber threats.
Skip the Security Slow Lane with VMware Cloud on AWS (Trend Micro)
While migrating your infrastructure to the cloud offers an opportunity to rethink your approach to management and security, it can create a patchwork of processes and tools, a disorganized team, and duplication of work. In a few years, you may learn that the IT security team needs a unified approach to data protection and you must already overhaul your "new" setup. You thought you were speeding ahead with improved operations and lower costs, but you are actually in the security slow lane! Pull over and find a new route forward with VMware on AWS by leveraging tools you know in an environment you already understand. Save years of work by using a common set of tools, operational processes, and security framework when moving to the cloud. Learn tips and tactics from Trend Micro and Capgemini for setting your teams up for success now and tomorrow.
This was one of Trend Micro's sessions presented at VMworld 2017.
Analytics That Drive the Value of Content (Pajama Program)
How do you even know if your content marketing efforts are driving revenue? Are they converting to opportunities? This case study on SecureWorks tells you what you need to know and how to apply analytics to your content. Content Marketing World 2016 session with Kira Mondrus, SecureWorks, and Adam Needles, ANNUITAS.
North Bridge and Wikibon announced the results of their sixth annual Future of Cloud Computing Survey, which analyzes trends in cloud computing adoption, use and challenges on a yearly basis. The study provides the broadest and deepest exploration of cloud in the industry, with 53 leading cloud companies participating as collaborators. This year's survey received 1,351 responses, a record-breaking number, representing a 60/40 balance of user/vendor perspectives spanning senior executives to practitioners across all industry sectors such as Technology, F.I.R.E., Government, Healthcare, Manufacturing, Media, Professional Services and Transportation.
According to Wikibon's July 2016 report, based on market conditions and recent public cloud revenue results of Amazon, Microsoft, Oracle, SAP, and IBM, public cloud spending is expected to accelerate rapidly, growing from $75B in 2015 to $522B by 2026 at a compound annual growth rate of 19%. Within each public cloud segment, continued rapid growth rates are also expected during this period: SaaS (19% CAGR), PaaS (33% CAGR), and IaaS (18% CAGR). Wikibon estimates that by 2026, cloud will account for nearly 50% of spending related to enterprise hardware, software, and outsourcing services.
Cloud Strategy
Based on our survey, while slightly less than 50% of all companies have either a cloud-first or a cloud-only strategy, some form of cloud strategy is pervasive, with 90% of companies surveyed reporting that they use the cloud in some way.
A new finding this year is the fact that a surprisingly high number, 42%, of companies surveyed derive 50% or more of their business through cloud-based applications. In fact, a whopping 79.9% of the companies surveyed were getting some revenue from the cloud. This speaks to the digital transformation occurring across many industries and how many are looking to not only move more quickly with the cloud but profit from it as well.
Read more: http://www.northbridge.com/2016-future-cloud-computing-survey
It's Not About You: Mobile Security in 2016 (NowSecure)
Legacy network security approaches define and defend a perimeter. Mobile technology explodes boundaries with apps you’re not always aware of on public networks you don't control. Dual-use devices complicate managing access to sensitive corporate resources and protecting endpoints. Traditional approaches to network, cloud, and application security don't solve the mobile security challenge.
Sam Bakken, Content Marketing Manager at NowSecure, discusses the state of mobile security in 2016 and shares strategies for managing the boundless mobile periphery.
Presentation Webinar Convertising: Creative Content X Social Advertising (Komfo)
Have you ever heard about convertising? According to the online agency, Saleskracht, it is a way to generate leads and conversions by using storytelling. Creative content, combined with social advertising, is key in this story. Watch this presentation and get inspired!
Ambiguity and uncertainty are synonymous when cloud security is discussed. As organizations transition to the cloud, security must be prepared to handle the new and evolving threats impacting cloud resources. Additional business changes affecting the cloud transition (legal, privacy, mobility, etc.) must also be considered when developing your overall security strategy. This talk will give a quick breakdown of defining the cloud as it stands today, along with security's role in the cloud, how security will evolve in a world that is 'cloud-centric', and where the cloud strategy will lead us within the next ten years. The talk will also provide a plan of action for building a cloud security strategy and key considerations when preparing your roadmap for a secure cloud-centric future.
PRSA Digital Impact - Does Your Brand Have ESP? Experience Styling Professionals (Katrina Klier)
In a hyper-connected world, people experience your company in many ways, at many points in time. Traditional media, digital, and influencers all play a part. Meet the new Experience Styling Professionals – it’s not just about website design anymore.
Twitter gives B2B marketers a powerful opportunity to access broad networks of brands, companies and decision makers on Twitter. Supported by the latest research, we demonstrate why Twitter is not optional and why private and publicly listed brands are missing out on a solid opportunity if they do not incorporate Twitter into their marketing mix.
We demonstrate that Twitter is not optional for brands engaged with B2B marketing. We include the most recent data from multiple leading sources, including The Social Media Examiner, Inc.; Twitter, Inc.; Regalix, Inc. and others.
Twitter provides private and publicly-listed brands an opportunity to engage with broad networks of other brands, firms and key decision makers that also use Twitter. We note that Twitter's active user base is comprised of 250 million plus users and is growing.
When used effectively and in combination with communication strategy and tools, Twitter represents the optimal platform for deploying ongoing messaging. When viewed as a communications hub, Twitter is unrivaled in its ability to integrate other channels and information sources and to coordinate their priority and emphasis. Twitter is effective at relaying information from channels that include websites, press releases, Instagram, Facebook, Snapchat, URLs, and any other linkable source of information, and at driving traffic to these same sources.
We note that press releases and awareness in general can be difficult for some brands and companies to generate but that Twitter is a proven solution.
Sky Alphabet is a social media marketing agency that utilizes Twitter to achieve growth, awareness and sales objectives through integrated forms of traditional and digital communications driven by Twitter. We understand that Twitter is "not easy" because of its unrelenting requirement for fresh and relevant content, but it is this same requirement that makes Twitter the ideal platform for brands, companies, people and products that are prepared to express themselves through such an advanced channel.
Author: Steve Yanor Aug 2016. @skyalphabet
Research sources: Regalix, Inc. Twitter, Inc. Social Media Examiner, Inc.
As every digital advancement creates a new vector for risk, trust becomes the cornerstone of the digital economy. Without trust, digital businesses cannot use and share the data that underpins their operations. To gain the trust of individuals, ecosystems, and regulators in the digital economy, businesses must possess strong security and ethics at each stage of the customer journey.
Similar to Thomas Scott's talk from the AWS + OWASP event "Strategies for Monitoring and Measuring Cloud Security"
AWS re:Invent 2023 Recaps from Chicago AWS User Group (AWS Chicago)
Chicago AWS Solutions Architect Scott Hewitt recaps the non-GenAI updates from AWS re:Invent 2023. The updates span storage, networking, compute and developer tools.
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...AWS Chicago
Mark Gamble
AWS Community Day Midwest 2023
ASC For Really Remote Edge Computing: How AWS Snowball + SpaceX Starlink + Couchbase Capella = more uptime, lower latency and better bandwidth usage for apps at the edge
Building RAG with Self-Deployed Milvus Vector Database and Snowpark Container... (Zilliz)
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a Docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
GridMate - End to end testing is a critical piece to ensure quality and avoid... (ThomasParaiso2)
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Full-RAG: A Modern Architecture for Hyper-Personalization (Zilliz)
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! (SOFTTECHHUB)
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Enhancing Adoption of Open Source Libraries: A Case Study on Albumentations.AI (Vladimir Iglovikov, Ph.D.)
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster and ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact and sustainability of software testing are discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Sustainability can be added to the quality characteristics and then measured continuously. Test environments can be used less, at smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
UiPath Test Automation using UiPath Test Suite series, part 5 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series, part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
CI/CD within UiPath
End-to-end overview of a CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to release software to market, along with traditionally slow and manual security checks, has left gaps in continuous security, an important piece of the software supply chain. Today organizations feel more susceptible to external and internal cyber threats because of the vast attack surface of their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs (Alex Pruden)
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Thomas Scott's talk from AWS + OWASP event "Strategies for Monitoring and Measuring Cloud Security"
1. CONFIDENTIAL DO NOT DISTRIBUTE
STRATEGIES FOR MONITORING AND
MEASURING CLOUD SECURITY
THOMAS SCOTT Solutions Consultant
Thomas.Scott@Armor.com
@dfwcloudsec
thomas-scott-cloudsec
2. Wheel of Doom
From A Journey into Microservices by Hailo
3. HOW DO WE PROTECT SO MANY APPS
AND SO MUCH DATA?
5. Top Strategic Predictions for 2016 and Beyond – Gartner 2016
95% OF CLOUD SECURITY FAILURES
THROUGH 2020 WILL BE THE
CUSTOMER’S FAULT
😱
http://www.gartner.com/newsroom/id/3143718
27. THANK YOU
THOMAS SCOTT Solutions Consultant
Thomas.Scott@Armor.com
@dfwcloudsec
thomas-scott-cloudsec
Editor's Notes
Microservice, application, and infrastructure ecosystems are exploding in both variety and complexity.
We live in a copycat industry. On multiple occasions, I’ve heard colleagues say “Well Netflix and CapitalOne are utilizing this microservice and they’re great at DevOps…so if I use that microservice I will be great at DevOps too!”.
Unfortunately, these lines of thinking lead to two fundamental problems.
The reality is you own responsibility for securing the entirety of your application stack.
Gartner predicts that, “95% of Cloud security failures through 2020 will be the customer's fault.” Failure to protect against any of the OWASP top 10 is sadly a contributing factor to this statistic.
Applying the OWASP top 10 is critical to identifying common issues and protecting organizations against them.
The top 10, as I’m sure many of you are aware, can be divided out into three categories.
For Authentication & Access Control, you’ve got Broken Authentication and Broken Access Control.
Unvalidated Client-side Input incorporates 4 of the top 10.
Injection
XML External Entities
Cross-site Scripting
Insecure Deserialization
Finally, Bad Housekeeping rounds out the rest of the top 10.
Sensitive Data Exposure
Security Misconfiguration
Using Components with Known Vulnerabilities
Insufficient Logging & Monitoring
However, I’m not here to teach you all the OWASP top 10 and why they are important. As I stated before, I am by no means an expert. OWASP has done all of the heavy lifting for us.
These critical security risks are not new. We all know that the bad practices and methodologies that lead to these risks are extremely common. It is up to us to follow through on eliminating these security failures.
A forward looking theme is to Do Less More Often.
Retrofitting a variety of security controls and practices after code/infrastructure is already running in the wild can be
Time consuming
Error prone
And most importantly it can be extremely costly
At every opportunity you get, shift security as far left in the development lifecycle as possible.
Security should be baked into development, deployment, and operations, as well as being thoroughly and frequently tested at all levels.
Shifting left encourages automation thereby reducing errors created from manual actions and codifying organizational and departmental security standards.
This slide is where most vendors love to begin pitching how their solution is going to solve all of your problems and if you’d just give them 5 minutes of your time, they’ll show you how!
Unfortunately, the mentality of buying a new tool to solve every new problem has created an unmanageable task for security professionals.
To create an effective application security program, you need to strike a balance between native and third party tools to help you.
Cloud native tools have a tremendous upside in that they often have simple integrations from an architectural perspective. The downside is that they generally require the knowledge and bandwidth of your team to manage and operationalize them.
Third party integrations and services can help eliminate the tedious and low-value aspect of SecOps for things like creating and updating rules and policies. This is generally a great benefit from a resource constraint perspective but often comes with a higher upfront cost.
With the increasing popularity of microservices and code based infrastructure, authentication and access control is becoming one of the final frontiers of security in the cloud.
Let’s talk a little about what AWS does for you natively and what things you can do to help round out your portion of the shared responsibility model.
The good news is that access to your infrastructure and AWS resources is deny-by-default. AWS wants to make things easy for you but doesn’t want you to get in too much trouble right out of the gate.
One thing to keep in mind, however, is that in the cloud we cannot take a perimeter security approach to access control.
Authorization must be validated at more than just the request initialization level.
The wealth of information provided to you by AWS on Authentication and Access Control is invaluable. However, implementing best practices is where AWS stops doing all the work for you.
What are these best practices...
First start with
Enabling MFA for AWS console and application access
Disable the root account
Apply security policies to groups rather than individual users
For those who manage their IAM environment, they’ll know that AWS already has a nice Security Status section with big green check marks to show whether or not you’re doing what you should be doing.
Although it shouldn’t have to be said, never open up an S3 bucket to the world unless it absolutely needs to be
Leverage AWS Config to use prebaked rules or build your own in order to evaluate your resource configurations against a set of rules or policies. You can then be alerted any time a configuration drifts from your policy, or build a Lambda trigger that will roll back the change.
Services like Cognito User Pools will help add layers of security to authentication such as
MFA via SMS or time-based OTP (one-time passwords)
Encryption at-rest and in-transit for authentication transactions
It also gives you Compromised Credentials checking, which protects your users from using credentials that have been exposed in breaches of other websites.
Finally you can utilize API Gateway Usage Plans to rate limit API calls made from clients
When it comes to unvalidated client side input, this is where you will get the most help.
The AWS Marketplace is full of WAFs, and AWS’s own WAF offering can be easily integrated with AWS Application Load Balancers and CloudFront Distributions.
However, in many ways, technology alone is not the key. There is no switch we can simply flip to become secure. How we use the technology is critical to our success.
AWS has a whitepaper titled “Use AWS WAF to mitigate OWASP’s top 10 Web Application Vulnerabilities”. This will help you define baseline rules. However, remember that these rules are not exhaustive and should be used as a great starting point.
After you read the whitepaper on using the AWS WAF....actually use the AWS WAF! Implement rate-based rules to prevent specific IPs from spamming you too hard
If you can identify stolen tokens, use a token blacklist rule to block further requests with that token.
Use the built in capabilities of WAFs to implement policies to prevent file traversal
Also, consider managed rules. These managed rules will help take the operational burden off your organization from a maintenance perspective.
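To make the rate-based and path-traversal rules concrete, here is an added Python example, not from the talk and not AWS WAF's own code, that applies the same two checks to constructed request log lines: a per-client-IP count over a trailing five-minute window (the window AWS WAF rate-based rules use; the threshold is a placeholder) and a traversal check after percent-decoding.

```python
# Added example, not from the talk: replays two of the WAF rules the notes
# recommend (rate limiting and path-traversal blocking) over constructed
# request log lines. AWS WAF rate-based rules count requests over a trailing
# five-minute window; RATE_LIMIT here is a placeholder for the sample data.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

WINDOW = timedelta(minutes=5)
RATE_LIMIT = 3   # placeholder threshold, far below any real deployment value
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")   # a '..' path segment


def is_traversal(path: str) -> bool:
    """Decode twice so single and double percent-encoding both normalise to '..'."""
    decoded = unquote(unquote(path)).replace("\\", "/")
    return bool(TRAVERSAL.search(decoded))


def evaluate(log_lines):
    """Return (timestamp, ip, reason) for each request the rules would block."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    blocked = []
    for line in log_lines:   # lines are assumed to be in chronological order
        ts_str, ip, path = line.split(" ", 2)
        ts = datetime.fromisoformat(ts_str)
        if is_traversal(path):
            blocked.append((ts_str, ip, "path-traversal"))
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:   # drop requests older than the window
            q.popleft()
        if len(q) > RATE_LIMIT:
            blocked.append((ts_str, ip, "rate-limit"))
    return blocked


# Constructed sample log: "<ISO timestamp> <client IP> <request path>"
SAMPLE_LOG = [
    "2020-05-22T10:00:00 203.0.113.7 /login",
    "2020-05-22T10:00:05 203.0.113.7 /login",
    "2020-05-22T10:00:09 198.51.100.4 /static/app.js",
    "2020-05-22T10:00:10 203.0.113.7 /login",
    "2020-05-22T10:00:12 203.0.113.7 /login",
    "2020-05-22T10:00:30 198.51.100.4 /files/%2e%2e/%2e%2e/config",
    "2020-05-22T10:06:00 203.0.113.7 /login",
]
```

The last request from 203.0.113.7 is not blocked because the earlier four have aged out of the five-minute window, which is the behaviour to keep in mind when choosing a threshold.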
Now let’s wrap it up with just general bad housekeeping that is pervasive in our industry.
When it comes to Sensitive Data Exposure, the most common flaw is simply not encrypting sensitive data. That seems unbelievable but it is the reality we live in.
In order to be successful from a security perspective, you HAVE TO KNOW your environment.
Strong detective controls are crucial for security operations and forensics.
Logging is where my world and your world collide. Insufficient logging is the bedrock of nearly every major incident. It’s very difficult to know what happened if there is no record of it.
AWS provides a variety of ways to log and ingest service data and to monitor and respond to log output and security findings.
A shocking revelation I’ve found throughout my conversations with peers in this industry over the last few years is that CloudTrail is not always enabled. This is unbelievable since CloudTrail is free!
A logging standard should also be built to determine what activities and sensitive information your applications do and don’t log. These logs should also have an established guideline for what the output looks like.
A big point to stress is that logging should not be used only for forensics and post-mortems. All logging should be monitored for suspicious activity and you should know how to respond in real time.
Streaming these logs to a central repository for analysis and correlation is essential. However, please keep in mind data sovereignty.
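As an added example, not from the talk, here is a small Python detector over constructed CloudTrail records that turns the logging advice above into real-time findings for three of the conditions the notes discuss: root account use, console logins without MFA, and calls that stop or alter CloudTrail itself. The field names follow the CloudTrail record format; the records and account ID are constructed samples.

```python
# Added example, not from the talk: flags suspicious activity in CloudTrail
# records so logs are watched continuously rather than only read after an
# incident. Field names follow the CloudTrail record format; the sample
# records below are constructed and use AWS's documentation account ID.
import json

# Calls that disable or weaken the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def findings_for(event: dict) -> list:
    """Return the finding names that apply to one CloudTrail record."""
    found = []
    ident = event.get("userIdentity", {})
    name = event.get("eventName")
    if ident.get("type") == "Root":
        found.append("root-account-activity")
    if name == "ConsoleLogin":
        # Console sign-in events carry the MFA outcome in additionalEventData.
        if event.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            found.append("console-login-without-mfa")
    if name in TRAIL_TAMPERING and event.get("eventSource") == "cloudtrail.amazonaws.com":
        found.append("cloudtrail-tampering")
    return found


def scan(records: list) -> list:
    """Scan a list of records, returning (eventTime, actor ARN, finding) tuples."""
    out = []
    for ev in records:
        actor = ev.get("userIdentity", {}).get("arn", "unknown")
        for finding in findings_for(ev):
            out.append((ev.get("eventTime"), actor, finding))
    return out


# Constructed sample trail (abridged CloudTrail records, one log file's worth)
SAMPLE_TRAIL = json.loads("""{"Records": [
 {"eventTime": "2020-05-22T01:02:03Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
  "additionalEventData": {"MFAUsed": "Yes"}},
 {"eventTime": "2020-05-22T01:10:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
  "additionalEventData": {"MFAUsed": "No"}},
 {"eventTime": "2020-05-22T01:15:00Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}}
]}""")["Records"]
```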
I know we’re all full and getting sleepy so I’ll wrap it up with just a few final best practices.
Use Amazon Inspector to assess vulnerabilities in your environment such as insecure protocol usage or SSH misconfiguration.
Use segmentation throughout your stack to prevent unauthorized access to a database server from anything other than an application server, and conversely any access to an app server from something other than a web server.
Encrypt S3 buckets and use HTTP headers to fail uploads that don’t request encryption.
Build workflows that refuse new unencrypted content or alert you for configurations that aren’t using encryption.
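The encrypt-or-fail upload rule described above, as an added example that is not from the talk or from AWS's own tooling: a Python function that builds the bucket policy denying PutObject requests whose x-amz-server-side-encryption header is missing or not an approved algorithm, together with a minimal evaluator of its two condition operators run against constructed request headers. The bucket name is a placeholder, and the evaluator's handling of an absent key is a stated simplification, not IAM's full rule set.

```python
# Added example, not from the talk or AWS's own tooling: the bucket-policy
# pattern that refuses PutObject requests whose x-amz-server-side-encryption
# header is missing or not an approved algorithm, plus a small evaluator for
# the two condition operators it uses. Bucket name and headers are constructed.
BUCKET = "example-bucket"   # placeholder name


def deny_unencrypted_policy(bucket: str) -> dict:
    """Two Deny statements: wrong header value, and header absent (Null)."""
    resource = f"arn:aws:s3:::{bucket}/*"
    base = {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
            "Resource": resource}
    return {"Version": "2012-10-17", "Statement": [
        dict(base, Sid="DenyWrongEncryptionHeader", Condition={
            "StringNotEquals": {"s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]}}),
        dict(base, Sid="DenyMissingEncryptionHeader", Condition={
            "Null": {"s3:x-amz-server-side-encryption": "true"}}),
    ]}


def _condition_matches(cond: dict, ctx: dict) -> bool:
    """Evaluate the StringNotEquals and Null operators used above.
    Simplification (assumed, not IAM's full rule set): StringNotEquals is
    treated as not applying when the key is absent; the Null statement is
    what makes the missing-header case an explicit deny."""
    for op, keys in cond.items():
        for key, want in keys.items():
            have = ctx.get(key)
            if op == "Null":
                if (have is None) != (want == "true"):
                    return False
            elif op == "StringNotEquals":
                allowed = want if isinstance(want, list) else [want]
                if have is None or have in allowed:
                    return False
            else:
                raise ValueError(f"unsupported operator {op}")
    return True


def upload_denied(policy: dict, headers: dict) -> list:
    """Sids of the Deny statements that fire for a PutObject with these headers."""
    lower = {k.lower(): v for k, v in headers.items()}   # HTTP header names are case-insensitive
    ctx = {"s3:x-amz-server-side-encryption": lower.get("x-amz-server-side-encryption")}
    return [st["Sid"] for st in policy["Statement"]
            if st["Effect"] == "Deny" and st["Action"] == "s3:PutObject"
            and _condition_matches(st["Condition"], ctx)]
```

An empty list from upload_denied means no Deny statement fired; the upload is then subject to whatever Allow statements apply, which this evaluator does not model.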
The final note for good housekeeping: please don’t enable or install unnecessary services. This simply expands your vulnerability footprint with no value added to your organization.